What is security awareness? Our definition is multi-faceted, and includes the ability to identify known and unknown threats, being aware of the technologies, products and services that can defuse those threats, knowing how to operate the products and systems you have, and most importantly the awareness that these systems must be used, and must be used all of the time.
CSO (Chief Security Officer) generally responsible for overseeing and maintaining information assets, intellectual property and computer systems, sometimes also physical security of employees. He set goals and objectives that are consistent with the protection of the company’s strategic plan and manage the development and implementation of policies, standards, guidelines and security procedures in general. He also manages relationships with law enforcement and other legal institutions, and oversee the security leak investigation and the various things as well as related legal matters. He also works with third-party consultants to perform independent security audits.
Responsibilities of security concerns often fell on the shoulders of IT executives and department. As a result, they were forced to work hard to meet the demands of access and application delivery from lines of business (LOB) it. In addition, they also overcome responsibility of the security holes as the impact of changes were made to meet these demands. Not to mention finding a solution to overcome so many security problems, such as fraud and theft of information by employees, security network for the teleworker, and much more.
Handling security risks need to cover several different areas, including development of policies and procedures, implementation of protective measures, and audit policies, procedures and protective measures themselves. All that can be done internally or outsourced themselves with the security provider and the company’s audit. However, this step could create complications for executives of IT, which seeks to meet the needs of the LOB in the future without having to harm the security and adds to the complexity and administrative costs.
To handle this problem, many companies looked at the role of these CSO.
In all cases, an effective CSO must cooperate with the executive team to achieve business goals. CSO also need to utilize this partnership to lighten their work in communicating the problem of security in the company so that security awareness can be achieved. The existence of security awareness training can provide effective measures against the assets of a company or organization to realize a reliable IT security.
If a company is having problems with IT security, the existence of a CSO could at least reassure and convince the public that the matter had received attention and there are companies that handle it.